Tag: microsoft
-
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks
by
in SecurityNewsMicrosoft is aware of the issue, but so far its attempts to address it don’t appear to have worked, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
-
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
by
in SecurityNewsCybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
by
in SecurityNewsSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool Ragnar Loader Desert Dexter. Attacks on Middle Eastern countries Ballista New IoT Botnet Targeting Thousands of TP-Link Archer Routers Microsoft patches […]…
-
Exchange Online- und MS365-Probleme durch Schwachstelle? (März 2025)
by
in SecurityNewsMicrosoft kämpft seit Februar 2025 mit Störungen seiner Microsoft 365-Dienste und Exchange Online, hält sich aber bezüglich der Ursache bedeckt. Mir liegen Informationen vor, dass ein Bug bzw. eine Schwachstelle in Microsoft Exchange Online dazu führte, dass ein Eingriff eines … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/15/exchange-online-und-ms365-probleme-durch-schwachstelle-maerz-2025/
-
Microsoft Update Catalog: Sicherheitsrisiko durch Rechteerweiterungen (CVE-2024-49147)
by
in SecurityNewsIch stelle noch eine Sicherheitsmeldung hier im Blog ein, die mir bereits seit Mitte Dezember 2024 vorliegt, aber “hängen geblieben ist”. Im Microsoft Update-Katalog gab es eine kritische Schwachstelle CVE-2024-49147, die im Microsoft Update Catalog Rechteerweiterungen ermöglichte. Diese Schwachstelle wurde … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/15/microsoft-update-catalog-sicherheitsrisiko-durch-rechteerweiterungen-cve-2024-49147/
-
Exchange Online- und MS365-Probleme durch Schwachstelle? (März 2025
by
in SecurityNewsMicrosoft kämpft seit Februar 2025 mit Störungen seiner Microsoft 365-Dienste und Exchange Online, hält sich aber bezüglich der Ursache bedeckt. Mir liegen Informationen vor, dass ein Bug bzw. eine Schwachstelle in Microsoft Exchange Online dazu führte, dass ein Eingriff eines … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/15/exchange-online-und-ms365-probleme-durch-schwachstelle-maerz-2025/
-
Microsoft restores VS Code theme flagged as malicious: We messed up
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/microsoft-restores-vs-code-theme-flagged-as-malicious-we-messed-up
-
Week-long Exchange Online outage causes email failures, delays
by
in SecurityNewsMicrosoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/
-
Tech giants seek data standards amid AI push
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Tech industry alliance rallies around data quality
by
in SecurityNewsMicrosoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Microsoft Windows: Kritische Sicherheitslücke entdeckt
by
in SecurityNewsFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/microsoft-windows-kritische-sicherheitsluecke-2025
-
New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support
by
in SecurityNewsNew Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected. First seen on hackread.com Jump to article: hackread.com/new-microsoft-365-phishing-scam-calling-fake-support/
-
New Context Compliance Exploit Jailbreaks Major AI Models
by
in SecurityNewsMicrosoft researchers have uncovered a surprisingly straightforward method that can bypass safety guardrails in most leading AI systems. In a technical blog post published on March 13, 2025, Microsoft’s Mark Russinovich detailed the >>Context Compliance Attack
-
New CCA Jailbreak Method Works Against Most AI Models
by
in SecurityNewsTwo Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems. The post New CCA Jailbreak Method Works Against Most AI Models appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-cca-jailbreak-method-works-against-most-ai-models/
-
Fast 1 Million Geschäfts- und Privat-PCs kompromittiert
by
in SecurityNews
Tags: ciso, control, cyersecurity, github, mail, malware, microsoft, powershell, ransomware, softwareEin Bericht von Microsoft zeigt, wie wichtig es für CISOs ist, das Sicherheitsbewusstsein ihrer Mitarbeiter zu schulen.Malware ist und bleibt ein massives Problem, welches CISOs zunehmend Kopfzerbrechen bereitet. Insbesondere wenn Mitarbeitende durch unvorsichtiges Online-Surfen ihre Geräte und ganze IT-Netzwerke mit Schadsoftware infizieren. Sind Systeme kompromittiert, kann das schwerwiegende Konsequenzen wie Ransomware-Attacken nach sich ziehen. Zu…
-
The most notorious and damaging ransomware of all time
by
in SecurityNews
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
New Microsoft 365 Attack Leverages OAuth Redirection for Credential Theft
by
in SecurityNewsThreat researchers at Proofpoint are currently tracking two sophisticated and highly targeted cyber-attack campaigns that are utilizing OAuth redirection mechanisms to compromise user credentials. These attacks combine advanced brand impersonation techniques with malware proliferation, focusing on Microsoft 365-themed credential phishing designed to facilitate account takeovers (ATOs), as per a report shared in the platform, X.…
-
Silk Typhoon Targeting IT Supply Chains and Network Devices, Microsoft Reports
by
in SecurityNews
Tags: china, espionage, exploit, group, intelligence, microsoft, network, supply-chain, tactics, threatMicrosoft Threat Intelligence has issued new reporting about tactics being used by Silk Typhoon (also called APT27 or HAFNIUM by some researchers). Silk Typhoon is a Chinese espionage group, observed targeting Microsoft Exchange Servers in 2021, now reported to be targeting common IT solutions for initial access. Microsoft reports that Silk Typhoon exploits unpatched applications,……
-
Microsoft apologizes for removing VSCode extensions used by millions
by
in SecurityNewsMicrosoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn’t actually malicious. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-apologizes-for-removing-vscode-extensions-used-by-millions/
-
Windows Notepad to get AI text summarization in Windows 11
by
in SecurityNewsMicrosoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool “Draw & Hold” feature that helps draw perfect shapes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-notepad-to-get-ai-text-summarization-in-windows-11/
-
Microsoft says button to restore classic Outlook is broken
by
in SecurityNewsMicrosoft is investigating a known issue that causes the new Outlook email client to crash when users click the “Go to classic Outlook” button, which should help them switch back to the classic Outlook. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-button-to-restore-classic-outlook-is-broken/
-
That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review
by
in SecurityNewsPhishers check in, your credentials check out, Microsoft warns First seen on theregister.com Jump to article: www.theregister.com/2025/03/13/bookingdotcom_phishing_campaign/
-
Microsoft Warns of Hospitality Sector Attacks Involving ClickFix
by
in SecurityNewsA cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-warns-of-hospitality-sector-attacks-involving-clickfix/
-
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
by
in SecurityNewsMicrosoft said the ongoing phishing campaign is designed to infect hospitality firms with multiple credential-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/clickfix-phishing-scam-booking/
-
Microsoft Finally Patches 2-Year-Old Windows Kernel Security Flaw
by
in SecurityNewsMicrosoft has released a critical patch for a 2-year-old Windows kernel security vulnerability. This vulnerability, identified as CVE-2025-24983, allows attackers to exploit a weakness in the Windows Win32 Kernel Subsystem, leading to an elevation of privilege. The patch comes after extensive research by security experts, who first detected the exploit in the wild in March…
-
Kernel-Schwachstelle: Zero-Day-Lücke in Windows wird seit 2023 aktiv ausgenutzt
by
in SecurityNewsForscher haben schon vor zwei Jahren die Ausnutzung einer Schwachstelle im Windows-Kernel beobachtet. Einen Patch liefert Microsoft erst jetzt. First seen on golem.de Jump to article: www.golem.de/news/kernel-schwachstelle-zero-day-luecke-in-windows-wird-seit-2023-aktiv-ausgenutzt-2503-194259.html